540 add additional go package metadata (#546)

* update with distinct golang metadata types Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2025-11-17 08:23:15 +01:00 · 2021-10-13 11:00:28 -04:00 · 2021-10-13 11:00:28 -04:00 · 7d13fbf0d4
commit 7d13fbf0d4
parent 10368f6fe8
4 changed files with 50 additions and 12 deletions
--- a/syft/pkg/cataloger/golang/parse_go_bin.go
+++ b/syft/pkg/cataloger/golang/parse_go_bin.go
@ -21,26 +21,27 @@ func parseGoBin(path string, reader io.ReadCloser) ([]pkg.Package, error) {
 		return nil, err
 	}

-	_, mod := findVers(x)
+	goVersion, mod := findVers(x)

-	pkgs := buildGoPkgInfo(path, mod)
+	pkgs := buildGoPkgInfo(path, mod, goVersion)

 	return pkgs, nil
 }

-func buildGoPkgInfo(path, mod string) []pkg.Package {
+func buildGoPkgInfo(path, mod, goVersion string) []pkg.Package {
 	pkgsSlice := make([]pkg.Package, 0)
 	scanner := bufio.NewScanner(strings.NewReader(mod))

 	// filter mod dependencies: [dep, name, version, sha]
 	for scanner.Scan() {
 		fields := strings.Fields(scanner.Text())
-		// must have dep, name, version
-		if len(fields) < 3 {
+
+		// must have dep, name, version, sha
+		if len(fields) < 4 {
 			continue
 		}
-		switch fields[0] {
-		case packageIdentifier:
+
+		if fields[0] == packageIdentifier || fields[0] == replaceIdentifier {
 			pkgsSlice = append(pkgsSlice, pkg.Package{
 				Name:     fields[1],
 				Version:  fields[2],
@ -51,11 +52,12 @@ func buildGoPkgInfo(path, mod string) []pkg.Package {
 						RealPath: path,
 					},
 				},
+				MetadataType: pkg.GolangBinMetadataType,
+				Metadata: pkg.GolangBinMetadata{
+					GoCompiledVersion: goVersion,
+					H1Digest:          fields[3],
+				},
 			})
-		case replaceIdentifier:
-			pkg := &pkgsSlice[len(pkgsSlice)-1]
-			pkg.Name = fields[1]
-			pkg.Version = fields[2]
 		}
 	}

--- a/syft/pkg/cataloger/golang/parse_go_bin_test.go
+++ b/syft/pkg/cataloger/golang/parse_go_bin_test.go
@ -8,6 +8,8 @@ import (
 	"github.com/stretchr/testify/assert"
 )

+const goCompiledVersion = "1.17"
+
 func TestBuildGoPkgInfo(t *testing.T) {
 	tests := []struct {
 		name     string
@ -33,6 +35,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
 					Locations: []source.Location{
 						{},
 					},
+					MetadataType: pkg.GolangBinMetadataType,
+					Metadata: pkg.GolangBinMetadata{
+						GoCompiledVersion: goCompiledVersion,
+						H1Digest:          "h1:VSVdnH7cQ7V+B33qSJHTCRlNgra1607Q8PzEmnvb2Ic=",
+					},
 				},
 				{
 					Name:     "github.com/anchore/client-go",
@ -42,6 +49,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
 					Locations: []source.Location{
 						{},
 					},
+					MetadataType: pkg.GolangBinMetadataType,
+					Metadata: pkg.GolangBinMetadata{
+						GoCompiledVersion: goCompiledVersion,
+						H1Digest:          "h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=",
+					},
 				},
 			},
 		},
@ -62,6 +74,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
 					Locations: []source.Location{
 						{},
 					},
+					MetadataType: pkg.GolangBinMetadataType,
+					Metadata: pkg.GolangBinMetadata{
+						GoCompiledVersion: goCompiledVersion,
+						H1Digest:          "h1:KlOXYy8wQWTUJYFgkUI40Lzr06ofg5IRXUK5C7qZt1k=",
+					},
 				},
 				{
 					Name:     "golang.org/x/sys",
@ -71,6 +88,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
 					Locations: []source.Location{
 						{},
 					},
+					MetadataType: pkg.GolangBinMetadataType,
+					Metadata: pkg.GolangBinMetadata{
+						GoCompiledVersion: goCompiledVersion,
+						H1Digest:          "h1:PjhxBct4MZii8FFR8+oeS7QOvxKOTZXgk63EU2XpfJE=",
+					},
 				},
 				{
 					Name:     "golang.org/x/term",
@ -80,6 +102,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
 					Locations: []source.Location{
 						{},
 					},
+					MetadataType: pkg.GolangBinMetadataType,
+					Metadata: pkg.GolangBinMetadata{
+						GoCompiledVersion: goCompiledVersion,
+						H1Digest:          "h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=",
+					},
 				},
 			},
 		},
@ -88,7 +115,7 @@ func TestBuildGoPkgInfo(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			pkgs := buildGoPkgInfo("", tt.mod)
+			pkgs := buildGoPkgInfo("", tt.mod, goCompiledVersion)
 			assert.Equal(t, tt.expected, pkgs)
 		})
 	}
--- a/syft/pkg/golang_bin_metadata.go
+++ b/syft/pkg/golang_bin_metadata.go
@ -0,0 +1,7 @@
+package pkg
+
+// GolangBinMetadata represents all captured data for a Golang Binary
+type GolangBinMetadata struct {
+	GoCompiledVersion string
+	H1Digest          string
+}
--- a/syft/pkg/metadata.go
+++ b/syft/pkg/metadata.go
@ -15,6 +15,7 @@ const (
 	PythonPackageMetadataType    MetadataType = "PythonPackageMetadata"
 	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
 	KbPackageMetadataType        MetadataType = "KbPackageMetadata"
+	GolangBinMetadataType        MetadataType = "GolangBinMetadata"
 )

 var AllMetadataTypes = []MetadataType{
@ -27,4 +28,5 @@ var AllMetadataTypes = []MetadataType{
 	PythonPackageMetadataType,
 	RustCargoPackageMetadataType,
 	KbPackageMetadataType,
+	GolangBinMetadataType,
 }